リソースタイプ ALIYUN::VPC::NatGateway を使用すると、NAT Gateway を作成できます。
構文
{
"Type": "ALIYUN::VPC::NatGateway",
"Properties": {
"Description": String,
"NatGatewayName": String,
"InstanceChargeType": String,
"VSwitchId": String,
"DeletionProtection": Boolean,
"InternetChargeType": String,
"NatType": String,
"DeletionForce": Boolean,
"VpcId": String,
"Tags": List,
"NetworkType": String,
"EipBindMode": String,
"IcmpReplyEnabled": Boolean,
"SecurityProtectionEnabled": Boolean
}
}
プロパティ
プロパティ名 | 型 | 必須 | 更新可能 | 説明 | 制約 |
Description | String | いいえ | いいえ | NAT Gateway の説明です。 | 説明は 2 文字以上 256 文字以内である必要があります。また、 |
NatGatewayName | String | いいえ | いいえ | NAT Gateway の名前です。 | 名前は 2 文字以上 128 文字以内である必要があります。先頭文字は英字または漢字でなければなりません。また、 このプロパティを指定しない場合、システムは NAT Gateway の ID を名前として使用します。 |
InstanceChargeType | String | いいえ | いいえ | NAT Gateway の課金方法です。 | 有効な値:
|
VSwitchId | String | はい | いいえ | NAT Gateway の vSwitch ID です。 | 拡張 NAT Gateway を作成する場合は、vSwitch を指定する必要があります。システムは、その vSwitch から未使用のプライベート IP アドレスを NAT Gateway に割り当てます。
拡張 NAT Gateway をサポートするゾーンを照会するには、ListEnhanhcedNatGatewayAvailableZones 操作を呼び出します。vSwitch の利用可能な IP アドレス数を照会するには、DescribeVSwitches 操作を呼び出します。 |
DeletionProtection | Boolean | いいえ | はい | 削除保護を有効にするかどうかを指定します。 | 有効な値:
|
InternetChargeType | String | いいえ | いいえ | NAT Gateway の課金方法です。 | 使用量課金で課金するには、このプロパティを PayByLcu に設定します。 |
NatType | String | いいえ | いいえ | NAT Gateway のタイプです。 | 拡張 NAT Gateway を作成するには、このプロパティを Enhanced に設定します。 |
DeletionForce | Boolean | いいえ | いいえ | NAT Gateway を強制削除するかどうかを指定します。 | 有効な値:
|
VpcId | String | はい | いいえ | NAT Gateway を作成する VPC (Virtual Private Cloud) の ID です。 | 標準 NAT Gateway を作成する場合、VPC のルートテーブルに宛先 CIDR ブロックが 0.0.0.0/0 であるルートエントリが含まれていないことを確認してください。そのようなルートエントリが存在する場合は、事前に削除してください。 説明 この制約は拡張 NAT Gateway には適用されません。 |
NetworkType | String | いいえ | いいえ | NAT Gateway のネットワークタイプです。 | 有効な値:
|
Tags | List | いいえ | はい | タグです。 | 最大 20 個のタグをアタッチできます。 |
EipBindMode | String | いいえ | いいえ | NAT Gateway の EIP 結合モードです。 | 有効な値:
|
IcmpReplyEnabled | Boolean | いいえ | いいえ | ICMP エコーリプライを無効にするかどうかを指定します。 | 有効な値:
|
SecurityProtectionEnabled | Boolean | いいえ | いいえ | ファイアウォール機能を有効にするかどうかを指定します。 | 有効な値:
|
タグの構文
"Tags": [
{
"Key": String,
"Value": String
}
]
タグのプロパティ
プロパティ名 | 型 | 必須 | 更新可能 | 説明 | 制約 |
Key | String | はい | いいえ | タグキーです。 | キーは 1 文字以上 64 文字以内である必要があります。先頭文字は英字または漢字でなければなりません。また、 |
Value | String | いいえ | いいえ | タグ値です。 | 値は 0 文字以上 128 文字以内であることができます。先頭文字は英字または漢字でなければなりません。また、 |
戻り値
Fn::GetAtt
NatGatewayId:NAT Gateway の ID。
SNatTableId:SNAT エントリの ID。
ForwardTableId:DNAT エントリの ID。
例
シナリオ 1:NAT Gateway の作成
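# Scenario 1: create a NAT Gateway in an existing VPC and vSwitch.
# Indentation is restored here; the flattened listing does not parse as the
# intended template.
ROSTemplateFormatVersion: '2015-09-01'
Description: Test ECS NatGateway
Parameters:
  VPC:
    AssociationProperty: ALIYUN::ECS::VPC::VPCId
    Type: String
    Label:
      zh-cn: Existing VPC Instance ID
      en: Existing VPC Instance ID
  VSwitch:
    AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId
    Type: String
    Label:
      zh-cn: VSwitch ID
      en: VSwitch ID
    # Limits the vSwitch choices to the VPC selected in the VPC parameter.
    AssociationPropertyMetadata:
      VpcId: VPC
Resources:
  NatGateway:
    Type: ALIYUN::VPC::NatGateway
    Properties:
      NatGatewayName: mytest
      VpcId:
        Ref: VPC
      VSwitchId:
        Ref: VSwitch
      # DeletionProtection and SecurityProtectionEnabled are left unset. The
      # property table lists both as optional; decide on them explicitly for
      # a gateway that carries production egress.
Outputs:
  NatGatewayId:
    Value:
      Fn::GetAtt:
        - NatGateway
        - NatGatewayId
  # The listing also declared the two outputs below. They read attributes of
  # `BandwidthPackage` and `CommonBandwidthPackageIp`, neither of which is
  # declared under Resources in this template, so they are kept as comments.
  # BandwidthPackageId:
  #   Value:
  #     Fn::GetAtt:
  #       - BandwidthPackage
  #       - BandwidthPackageId
  # BandwidthPackageIps:
  #   Value:
  #     Fn::GetAtt:
  #       - CommonBandwidthPackageIp
  #       - IpAddresses
{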
"ROSTemplateFormatVersion": "2015-09-01",
"Description": "Test ECS NatGateway",
"Parameters": {
"VPC": {
"AssociationProperty": "ALIYUN::ECS::VPC::VPCId",
"Type": "String",
"Label": {
"zh-cn": "Existing VPC Instance ID",
"en": "Existing VPC Instance ID"
}
},
"VSwitch": {
"AssociationProperty": "ALIYUN::ECS::VSwitch::VSwitchId",
"Type": "String",
"Label": {
"zh-cn": "VSwitch ID",
"en": "VSwitch ID"
},
"AssociationPropertyMetadata": {
"VpcId": "VPC"
}
}
},
"Resources": {
"NatGateway": {
"Type": "ALIYUN::VPC::NatGateway",
"Properties": {
"NatGatewayName": "mytest",
"VpcId": {
"Ref": "VPC"
},
"VSwitchId": {
"Ref": "VSwitch"
}
}
}
},
"Outputs": {
"NatGatewayId": {
"Value": {
"Fn::GetAtt": [
"NatGateway",
"NatGatewayId"
]
}
},
"BandwidthPackageId": {
"Value": {
"Fn::GetAtt": [
"BandwidthPackage",
"BandwidthPackageId"
]
}
},
"BandwidthPackageIps": {
"Value": {
"Fn::GetAtt": [
"CommonBandwidthPackageIp",
"IpAddresses"
]
}
}
}
}
シナリオ 2:帯域幅課金の EIP を作成して NAT Gateway に結合する
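# Scenario 2: create an enhanced NAT Gateway, create an EIP, and associate the
# EIP with the gateway. Indentation is restored here; the flattened listing
# does not parse as the intended template.
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  ZoneId:
    Type: String
    AssociationProperty: ZoneId
  VpcId:
    Type: String
    AssociationProperty: ALIYUN::ECS::VPC::VPCId
  VSwitchId:
    Type: String
    AssociationProperty: ALIYUN::VPC::VSwitch::VSwitchId
    # Limits the vSwitch choices to the selected VPC and zone.
    AssociationPropertyMetadata:
      VpcId: ${VpcId}
      ZoneId: ${ZoneId}
Resources:
  NatGateway:
    Type: ALIYUN::VPC::NatGateway
    Properties:
      NatGatewayName: example-ngw
      VSwitchId:
        Ref: VSwitchId
      NatType: Enhanced
      VpcId:
        Ref: VpcId
      # NOTE(review): ZoneId does not appear in the syntax or property table
      # on this page; confirm that the resource type accepts it.
      ZoneId:
        Ref: ZoneId
  Eip:
    Type: ALIYUN::VPC::EIP
    Properties:
      # Deletion protection is off for the EIP. If this address is
      # allow-listed by external parties as the egress IP, an accidental
      # delete changes the source address they see; consider true outside of
      # test stacks.
      DeletionProtection: false
      Isp: BGP
      Bandwidth: 200
      InternetChargeType: PayByTraffic
  EipAssociation:
    Type: ALIYUN::VPC::EIPAssociation
    Properties:
      InstanceId:
        Ref: NatGateway
      AllocationId:
        Ref: Eip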
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"ZoneId": {
"Type": "String",
"AssociationProperty": "ZoneId"
},
"VpcId": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::VPC::VPCId"
},
"VSwitchId": {
"Type": "String",
"AssociationProperty": "ALIYUN::VPC::VSwitch::VSwitchId",
"AssociationPropertyMetadata": {
"VpcId": "${VpcId}",
"ZoneId": "${ZoneId}"
}
}
},
"Resources": {
"NatGateway": {
"Type": "ALIYUN::VPC::NatGateway",
"Properties": {
"NatGatewayName": "example-ngw",
"VSwitchId": {
"Ref": "VSwitchId"
},
"NatType": "Enhanced",
"VpcId": {
"Ref": "VpcId"
},
"ZoneId": {
"Ref": "ZoneId"
}
}
},
"Eip": {
"Type": "ALIYUN::VPC::EIP",
"Properties": {
"DeletionProtection": false,
"Isp": "BGP",
"Bandwidth": 200,
"InternetChargeType": "PayByTraffic"
}
},
"EipAssociation": {
"Type": "ALIYUN::VPC::EIPAssociation",
"Properties": {
"InstanceId": {
"Ref": "NatGateway"
},
"AllocationId": {
"Ref": "Eip"
}
}
}
}
}
シナリオ 3:クラウドベースのパブリックネットワークアクセス向けに集中型出口を確立するためのインターネット NAT Gateway の展開
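# Scenario 3: VPC with two application vSwitches in different zones, one ECS
# instance in each, and an Internet NAT Gateway with an EIP and an SNAT entry
# as the shared egress path. Indentation is restored here; the flattened
# listing does not parse as the intended template.
ROSTemplateFormatVersion: '2015-09-01'
Description:
  en: Create a Virtual Private Cloud (VPC) environment, configure dual-Availability Zone Elastic Compute Service (ECS) instances, and deploy a public-facing NAT Gateway to establish a unified cloud Internet access gateway.
Parameters:
  CommonName:
    Type: String
    Default: unified-egress
  ZoneId1:
    Type: String
    AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
    AssociationPropertyMetadata:
      ExclusiveTo:
        - ZoneId2
    Label:
      en: Zone 1
  ZoneId2:
    Type: String
    AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
    AssociationPropertyMetadata:
      ExclusiveTo:
        - ZoneId1
    Label:
      en: Zone 2
  InstanceType1:
    Type: String
    AssociationProperty: 'ALIYUN::ECS::Instance::InstanceType'
    AssociationPropertyMetadata:
      InstanceChargeType: PostPaid
      SystemDiskCategory: cloud_essd
      # The listing had ${ZoneId}, which names no parameter in this template.
      # EcsInstance1 is placed in ZoneId1, so the filter refers to ZoneId1.
      ZoneId: ${ZoneId1}
    Label:
      en: ECS Instance Type 1
  InstanceType2:
    Type: String
    AssociationProperty: 'ALIYUN::ECS::Instance::InstanceType'
    AssociationPropertyMetadata:
      InstanceChargeType: PostPaid
      SystemDiskCategory: cloud_essd
      # The listing had ${ZoneId}, which names no parameter in this template.
      # EcsInstance2 is placed in ZoneId2, so the filter refers to ZoneId2.
      ZoneId: ${ZoneId2}
    Label:
      en: ECS Instance Type 2
  InstancePassword:
    # NoEcho keeps the value from being displayed back. The same password is
    # passed to both instance groups below.
    NoEcho: true
    Type: String
    Description:
      en: >-
        The server login password. It must be 8 to 30 characters long and contain characters from at least three of the following categories: uppercase letters, lowercase letters, digits, and special characters: ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/
    Label:
      en: Instance Password
    ConstraintDescription:
      en: >-
        The password must be 8 to 30 characters long and contain characters from at least three of the following categories: uppercase letters, lowercase letters, digits, and special characters: ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/
    AssociationProperty: 'ALIYUN::ECS::Instance::Password'
    # No default: the operator must supply the password at stack creation.
    Default: null
Resources:
  Vpc:
    Type: 'ALIYUN::ECS::VPC'
    Properties:
      CidrBlock: 192.168.0.0/16
      VpcName:
        Fn::Sub: ${CommonName}-vpc
  # Application vSwitch in zone 1 (source of SNAT traffic).
  VSwitch1:
    Type: 'ALIYUN::ECS::VSwitch'
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: 192.168.1.0/24
      ZoneId:
        Ref: ZoneId1
      VSwitchName:
        Fn::Sub: ${CommonName}-app1-vsw
  # Application vSwitch in zone 2 (source of SNAT traffic).
  VSwitch2:
    Type: 'ALIYUN::ECS::VSwitch'
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: 192.168.2.0/24
      ZoneId:
        Ref: ZoneId2
      VSwitchName:
        Fn::Sub: ${CommonName}-app2-vsw
  # Dedicated vSwitch that hosts the NAT Gateway itself.
  VSwitch3:
    Type: 'ALIYUN::ECS::VSwitch'
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: 192.168.3.0/24
      ZoneId:
        Ref: ZoneId1
      VSwitchName:
        Fn::Sub: ${CommonName}-pub-vsw
  SecurityGroup:
    Type: 'ALIYUN::ECS::SecurityGroup'
    Properties:
      VpcId:
        Ref: Vpc
      SecurityGroupName:
        Fn::Sub: ${CommonName}-sg
      # These rules admit TCP 443 and 80 from any IPv4 source. In this
      # template the instances set InternetMaxBandwidthOut: 0 and the gateway
      # carries only an SNAT entry, so nothing here publishes them inbound.
      # If a DNAT entry, EIP or load balancer is added later, these rules are
      # what will face the Internet. Narrow SourceCidrIp (for example to the
      # VPC CIDR 192.168.0.0/16) unless public ingress is intended.
      SecurityGroupIngress:
        - PortRange: 443/443
          SourceCidrIp: 0.0.0.0/0
          IpProtocol: tcp
        - PortRange: 80/80
          SourceCidrIp: 0.0.0.0/0
          IpProtocol: tcp
  EcsInstance1:
    Type: 'ALIYUN::ECS::InstanceGroup'
    Properties:
      VpcId:
        Ref: Vpc
      ZoneId:
        Ref: ZoneId1
      VSwitchId:
        Ref: VSwitch1
      SecurityGroupId:
        Ref: SecurityGroup
      # NOTE(review): pinned image; the name suggests a 2023-12-19 build.
      # Confirm it is still current, or patch the instance after launch.
      ImageId: aliyun_3_9_x64_20G_alibase_20231219.vhd
      InstanceName:
        Fn::Sub: ${CommonName}-ecs-1
      InstanceType:
        Ref: InstanceType1
      SystemDiskCategory: cloud_essd
      MaxAmount: 1
      # 0 = no public bandwidth on the instance; egress goes through SNAT.
      InternetMaxBandwidthOut: 0
      Password:
        Ref: InstancePassword
  EcsInstance2:
    Type: 'ALIYUN::ECS::InstanceGroup'
    Properties:
      VpcId:
        Ref: Vpc
      ZoneId:
        Ref: ZoneId2
      VSwitchId:
        Ref: VSwitch2
      SecurityGroupId:
        Ref: SecurityGroup
      # NOTE(review): pinned image; the name suggests a 2023-12-19 build.
      # Confirm it is still current, or patch the instance after launch.
      ImageId: aliyun_3_9_x64_20G_alibase_20231219.vhd
      InstanceName:
        Fn::Sub: ${CommonName}-ecs-2
      InstanceType:
        Ref: InstanceType2
      SystemDiskCategory: cloud_essd
      MaxAmount: 1
      # 0 = no public bandwidth on the instance; egress goes through SNAT.
      InternetMaxBandwidthOut: 0
      Password:
        Ref: InstancePassword
  NatGateway:
    Type: 'ALIYUN::VPC::NatGateway'
    Properties:
      NatGatewayName:
        Fn::Sub: ${CommonName}-ngw
      VSwitchId:
        Ref: VSwitch3
      NatType: Enhanced
      VpcId:
        Ref: Vpc
      # NOTE(review): ZoneId does not appear in the syntax or property table
      # on this page; confirm that the resource type accepts it.
      ZoneId:
        Ref: ZoneId1
      # DeletionProtection and SecurityProtectionEnabled are left unset. The
      # property table lists both as optional; decide on them explicitly for
      # a gateway that is the single egress point.
  Eip:
    Type: 'ALIYUN::VPC::EIP'
    Properties:
      # Deletion protection is off for the egress address. Consider true
      # outside of test stacks, since this IP is what external parties see
      # and may allow-list.
      DeletionProtection: false
      Isp: BGP
      Bandwidth: 200
      InternetChargeType: PayByTraffic
  EipAssociation:
    Type: 'ALIYUN::VPC::EIPAssociation'
    Properties:
      InstanceId:
        Ref: NatGateway
      AllocationId:
        Ref: Eip
  SNat:
    Type: 'ALIYUN::VPC::SnatEntry'
    # The SNAT entry uses the EIP address, so wait until the EIP is attached
    # to the gateway.
    DependsOn: EipAssociation
    Properties:
      SnatTableId:
        Fn::GetAtt:
          - NatGateway
          - SNatTableId
      SnatEntryName:
        Fn::Sub: ${CommonName}-snat
      # Only the two application vSwitches are translated; VSwitch3 hosts the
      # gateway.
      SourceVSwitchIds:
        - Ref: VSwitch1
        - Ref: VSwitch2
      SnatIp:
        Fn::GetAtt:
          - Eip
          - EipAddress
Outputs:
  EcsLoginAddress1:
    Description:
      en: ECS1 login address.
    Value:
      # Written on one line: the folded (>-) form in the listing joins its two
      # lines with a space, which ends up inside the URL. "&regionId" is
      # restored from the mis-encoded "®ionId".
      Fn::Sub: 'https://ecs-workbench.aliyun.com/?from=EcsConsole&instanceType=ecs&regionId=${ALIYUN::Region}&instanceId=${EcsInstance1}'
  EcsLoginAddress2:
    Description:
      en: ECS2 login address.
    Value:
      # Written on one line: the folded (>-) form in the listing joins its two
      # lines with a space, which ends up inside the URL. "&regionId" is
      # restored from the mis-encoded "®ionId".
      Fn::Sub: 'https://ecs-workbench.aliyun.com/?from=EcsConsole&instanceType=ecs&regionId=${ALIYUN::Region}&instanceId=${EcsInstance2}'
Metadata:
  ALIYUN::ROS::Interface:
    ParameterGroups:
      - Parameters:
          - ZoneId1
          - ZoneId2
        Label:
          default:
            en: VSwitch Zone Configuration
      - Parameters:
          - InstanceType1
          - InstanceType2
          - InstancePassword
        Label:
          default:
            en: ECS Instance Configuration
    TemplateTags:
      - acs:technical-solution:network:implement-centralized-egress-with-internet-nat-gateway-tech_solu_134
    Hidden:
      - CommonName
{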
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"en": "Create a Virtual Private Cloud (VPC) environment, configure dual-Availability Zone Elastic Compute Service (ECS) instances, and deploy a public-facing NAT Gateway to establish a unified cloud Internet access gateway."
},
"Parameters": {
"CommonName": {
"Type": "String",
"Default": "unified-egress"
},
"ZoneId1": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
"AssociationPropertyMetadata": {
"ExclusiveTo": [
"ZoneId2"
]
},
"Label": {
"en": "Zone 1"
}
},
"ZoneId2": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
"AssociationPropertyMetadata": {
"ExclusiveTo": [
"ZoneId1"
]
},
"Label": {
"en": "Zone 2"
}
},
"InstanceType1": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::InstanceType",
"AssociationPropertyMetadata": {
"InstanceChargeType": "PostPaid",
"SystemDiskCategory": "cloud_essd",
"ZoneId": "${ZoneId}"
},
"Label": {
"en": "ECS Instance Type 1"
}
},
"InstanceType2": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::InstanceType",
"AssociationPropertyMetadata": {
"InstanceChargeType": "PostPaid",
"SystemDiskCategory": "cloud_essd",
"ZoneId": "${ZoneId}"
},
"Label": {
"en": "ECS Instance Type 2"
}
},
"InstancePassword": {
"NoEcho": true,
"Type": "String",
"Description": {
"en": "The server login password. It must be 8 to 30 characters long and contain characters from at least three of the following categories: uppercase letters, lowercase letters, digits, and special characters: ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/"
},
"Label": {
"en": "Instance Password"
},
"ConstraintDescription": {
"en": "The password must be 8 to 30 characters long and contain characters from at least three of the following categories: uppercase letters, lowercase letters, digits, and special characters: ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/"
},
"AssociationProperty": "ALIYUN::ECS::Instance::Password",
"Default": null
}
},
"Resources": {
"Vpc": {
"Type": "ALIYUN::ECS::VPC",
"Properties": {
"CidrBlock": "192.168.0.0/16",
"VpcName": {
"Fn::Sub": "${CommonName}-vpc"
}
}
},
"VSwitch1": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"CidrBlock": "192.168.1.0/24",
"ZoneId": {
"Ref": "ZoneId1"
},
"VSwitchName": {
"Fn::Sub": "${CommonName}-app1-vsw"
}
}
},
"VSwitch2": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"CidrBlock": "192.168.2.0/24",
"ZoneId": {
"Ref": "ZoneId2"
},
"VSwitchName": {
"Fn::Sub": "${CommonName}-app2-vsw"
}
}
},
"VSwitch3": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"CidrBlock": "192.168.3.0/24",
"ZoneId": {
"Ref": "ZoneId1"
},
"VSwitchName": {
"Fn::Sub": "${CommonName}-pub-vsw"
}
}
},
"SecurityGroup": {
"Type": "ALIYUN::ECS::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"SecurityGroupName": {
"Fn::Sub": "${CommonName}-sg"
},
"SecurityGroupIngress": [
{
"PortRange": "443/443",
"SourceCidrIp": "0.0.0.0/0",
"IpProtocol": "tcp"
},
{
"PortRange": "80/80",
"SourceCidrIp": "0.0.0.0/0",
"IpProtocol": "tcp"
}
]
}
},
"EcsInstance1": {
"Type": "ALIYUN::ECS::InstanceGroup",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"ZoneId": {
"Ref": "ZoneId1"
},
"VSwitchId": {
"Ref": "VSwitch1"
},
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"ImageId": "aliyun_3_9_x64_20G_alibase_20231219.vhd",
"InstanceName": {
"Fn::Sub": "${CommonName}-ecs-1"
},
"InstanceType": {
"Ref": "InstanceType1"
},
"SystemDiskCategory": "cloud_essd",
"MaxAmount": 1,
"InternetMaxBandwidthOut": 0,
"Password": {
"Ref": "InstancePassword"
}
}
},
"EcsInstance2": {
"Type": "ALIYUN::ECS::InstanceGroup",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"ZoneId": {
"Ref": "ZoneId2"
},
"VSwitchId": {
"Ref": "VSwitch2"
},
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"ImageId": "aliyun_3_9_x64_20G_alibase_20231219.vhd",
"InstanceName": {
"Fn::Sub": "${CommonName}-ecs-2"
},
"InstanceType": {
"Ref": "InstanceType2"
},
"SystemDiskCategory": "cloud_essd",
"MaxAmount": 1,
"InternetMaxBandwidthOut": 0,
"Password": {
"Ref": "InstancePassword"
}
}
},
"NatGateway": {
"Type": "ALIYUN::VPC::NatGateway",
"Properties": {
"NatGatewayName": {
"Fn::Sub": "${CommonName}-ngw"
},
"VSwitchId": {
"Ref": "VSwitch3"
},
"NatType": "Enhanced",
"VpcId": {
"Ref": "Vpc"
},
"ZoneId": {
"Ref": "ZoneId1"
}
}
},
"Eip": {
"Type": "ALIYUN::VPC::EIP",
"Properties": {
"DeletionProtection": false,
"Isp": "BGP",
"Bandwidth": 200,
"InternetChargeType": "PayByTraffic"
}
},
"EipAssociation": {
"Type": "ALIYUN::VPC::EIPAssociation",
"Properties": {
"InstanceId": {
"Ref": "NatGateway"
},
"AllocationId": {
"Ref": "Eip"
}
}
},
"SNat": {
"Type": "ALIYUN::VPC::SnatEntry",
"DependsOn": "EipAssociation",
"Properties": {
"SnatTableId": {
"Fn::GetAtt": [
"NatGateway",
"SNatTableId"
]
},
"SnatEntryName": {
"Fn::Sub": "${CommonName}-snat"
},
"SourceVSwitchIds": [
{
"Ref": "VSwitch1"
},
{
"Ref": "VSwitch2"
}
],
"SnatIp": {
"Fn::GetAtt": [
"Eip",
"EipAddress"
]
}
}
}
},
"Outputs": {
"EcsLoginAddress1": {
"Description": {
"en": "ECS1 login address."
},
"Value": {
"Fn::Sub": "https://ecs-workbench.aliyun.com/?from=EcsConsole &instanceType=ecs&regionId=${ALIYUN::Region}&instanceId=${EcsInstance1}"
}
},
"EcsLoginAddress2": {
"Description": {
"en": "ECS2 login address."
},
"Value": {
"Fn::Sub": "https://ecs-workbench.aliyun.com/?from=EcsConsole &instanceType=ecs&regionId=${ALIYUN::Region}&instanceId=${EcsInstance2}"
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"ParameterGroups": [
{
"Parameters": [
"ZoneId1",
"ZoneId2"
],
"Label": {
"default": {
"en": "VSwitch Zone Configuration"
}
}
},
{
"Parameters": [
"InstanceType1",
"InstanceType2",
"InstancePassword"
],
"Label": {
"default": {
"en": "ECS Instance Configuration"
}
}
}
],
"TemplateTags": [
"acs:technical-solution:network:implement-centralized-egress-with-internet-nat-gateway-tech_solu_134"
],
"Hidden": [
"CommonName"
]
}
}
}
その他の例については、「このリソースを含むパブリックテンプレート」をご参照ください。